Password Change Policy Help & Account Security
This folder contains step-by-step guides and resources to assist faculty and staff with our Password Change policy. These articles provide instructions on updating passwords, recovering accounts, setting up multi-factor authentication (MFA), and addressing common login issues. Use these resources to ensure a smooth transition and maintain secure access to college systems.
-
Understanding the Difference: Microsoft vs. My.Curry.edu (QuickLaunch) Passwords
Summary Curry College uses two separate login accounts and passwords for different systems: a Microsoft password and a My.Curry.edu (quicklaunch) password. Understanding the difference between these two will help you access the right services with the correct credentials. Key Differences Feature Microsoft Password My.Curry.edu Password Used for Microsoft 365, Teams, OneDrive, Windows login, Zoom, Curry Secure Wifi My.Curry.edu portal, Canvas, Levin Library Databases, Papercut, Apogee, Freevo, CWIS, Banner Managed by Curry College IT and Microsoft Curry College IT Reset through Office.com or IT Help Desk Calling helpdesk at x2911 My.Curry.edu portal or Calling helpdesk at x2911 Password Reset Policy Must be reset every 120 Days Currently no password expiration policy Microsoft Password A Microsoft password is used to access Microsoft-related services that the college provides, such as: Microsoft 365 (Office 365) – Outlook, Word, Excel, Teams, OneDrive, etc. Windows Login (For College-Owned Devices) – Used for logging into Curry College computers Single Sign-On (SSO) for Integrated Applications – Some third-party applications use Microsoft credentials for authentication. (You may notice in the future that more login screens for applications we use at Curry will prompt you to sign in with SSO) Important for Mac Users Please note that resetting your Microsoft will not affect your login password for your MacBook. This password change only applies to Windows computer logins. If you use a Mac, you will continue to use your Mac login password to access your device. Microsoft Sign in Screen Example – Below is an example of what a Microsoft login screen looks like. Once you input your curry email address and click next, you will be brought to a screen with a picture of the student center at night in the background. If you see this background of the Student Center, you will know it’s asking for your Microsoft password. My.Curry.edu Account A My.Curry.edu account is specifically used for accessing Curry College’s internal portal and associated services, such as: My.Curry.edu Portal – Student, faculty, and staff access to academic records, billing, and campus information. Canvas – Online learning management systems. Library Resources – Some databases may require My.Curry.edu credentials. My.curry.edu (QuickLaunch) Sign In page example – If you see a picture of the Learning Commons building during the day, it asks for your my.curry.edu login credentials. Your username is everything before the “@” symbol in your email. Your password used here is your my.curry.edu portal password. Conclusion Understanding the differences between your Microsoft password and My.Curry.edu password ensures you can access the correct services without confusion. While both are managed by Curry College IT, they serve distinct purposes and have different reset policies. If you have any questions or need assistance with your My.Curry.edu or Microsoft passwords, please contact the Help Desk by: Emailing: support@curry.edu Submitting a ticket: support.curry.edu Calling: x2911 during business hours The IT team is happy to assist you with any login or password-related issues!
-
How to Reset Your Microsoft Password at Curry College
Keeping your Microsoft password secure and up to date is essential for accessing Curry College systems and services. Whether you need to change your password for security reasons or have forgotten it, this guide will walk you through the steps to reset your Microsoft password. Follow the instructions below to update your credentials and ensure uninterrupted access to applications like Microsoft Teams, OneDrive, and Curry’s secure Wi-Fi. Important: After resetting your password, you will need to re-enter it anywhere you are currently logged in with your Microsoft account. This includes applications such as Microsoft Teams, OneDrive, and Curry’s secure Wi-Fi. Be sure to update your credentials on all your devices to avoid any disruptions. How to Reset Microsoft Password Method 1: Click the following link https://mysignins.microsoft.com/security-info/password/change Enter your Curry email address and click Next. (If you are already logged in, you may not see this screen when you navigate to the link above) Enter your Microsoft password and click Sign in. (If you forgot your password, click on Forgot my password and follow prompts) You will now be prompted to verify your identity through Multi Factor Authentication. For more information on Multi Factor Authentication click the link below https://currycollege.freshservice.com/a/solutions/articles/19000054625 In the Change your password screen, enter what you’d like to change your password to in the New Password text field. Re-enter the same password in the Confirm new password text field. Once the password has been entered in both text fields, press Submit. Once you see the screen below, you have successfully updated your password! Method 2: If the link previously listed does not work, her is another guide to changing your Microsoft Office password. 1. Go to office.com and sign in using your Curry College email address. 2. Once signed into the office, you will be on the main dashboard of Office.com. Navigate to the bottom left of the screen where you will see the initials of your name. 3. Click on “View Account” 4. Then click on “Change Password” 5. A pop up to change your password will appear. Type in your new Password and then confirm it. 6. Finally, when you confirm your new password. Click on “Submit” to save. Important Note: After resetting your password, you will need to re-enter it anywhere you are currently logged in with your Microsoft account. This includes applications such as Microsoft Teams, OneDrive, and Curry’s secure Wi-Fi. Be sure to update your credentials on all your devices to avoid any disruptions.
-
Forgot your Microsoft Password? Step-by-Step Reset Guide
If you’ve forgotten your Microsoft password, you can reset it using Curry College’s self-service password recovery process. This guide provides step-by-step instructions to regain access to your account. By following these steps, you can securely reset your password and restore access to Microsoft applications such as Teams, OneDrive, and Outlook. 1. Navigate to office.com and click on either of the Sign in buttons 2. Click on Can't access your account? 3. Click on Work or school account 4. Enter your email and enter characters in the picture below 5. Select I forgot my password and click on Next. 6. Choose a verification option and complete the prompts. 7. Enter a new password in the Enter new password text box and then re-type the new password in the Confirm new password text box. Your password has been reset successfully! Please allow some time for your new password to sync across all applications you are signed into, including Microsoft Teams, OneDrive, and Outlook. If you experience any issues while resetting your password, please contact the Help Desk at x2911 for assistance. For security reasons, we cannot reset passwords via email. Password resets must be done over the phone or in person, and you will be required to confirm your identity.
-
Curry College Password Policy: Guidelines for Secure Access
Password Policy Modified on: Wed, July 24, 2024 Curry College Password Policy Overview Passwords are an important aspect of account and data access security. A poorly chosen password may result in unauthorized access and/or exploitation of Curry's resources. All users, including contractors and vendors with access to Curry’s systems, are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords. Purpose This policy establishes a standard for creation of strong passwords, their protection, and the frequency of change. The scope of this policy includes all personnel who have or are responsible for an account (or any form of access that supports or requires a password) on any system that resides at any Curry College facility, use or otherwise access or interact with the Curry College network or any Curry College technology information resource. Policy Any and all passwords, including initial passwords, must meet the following requirements when technically feasible: must have a minimum length of 14 characters must contain a mixture of both upper and lower-case characters must include at least one (1) number and one (1) special character. must be changed at least every 120 days must lock a User Account after ten (10) invalid login attempts, and will require an authorized administrator to unlock the account must be forced to be changed upon first use must keep history for at least two (2) previous passwords Passwords must be encrypted during transmission and storage including automation, scripting, and password remembering features. A screensaver or a power timeout shall be configured for no greater than 30 minutes of idle activity to the extent technically feasible, and such timeout shall require password re-enter. Always use different passwords for Curry College accounts from other Non-curry College access Default passwords must be changed prior to system use. User account passwords must not be shared with anyone. Computing devices must not be left unattended without enabling a password-protected screensaver or logging off the device. must not be anything that can be easily tied back to the account owner such as: username, social security number, nickname, relative’s names, birth date, etc If the User suspects or has reason to know that the security of a password may be compromised, the password must be changed immediately. Users should immediately report the discovery to the Curry College ITS Help Desk at 617-333-2911. Revision History CISO – July 2024
-
Multifactor Authentication (MFA)
Multifactor Authentication (MFA) What is multifactor authentication? When you sign into your online accounts - a process we call "authentication" - you're proving to the service that you are who you say you are. Traditionally that's been done with a username and a password. Unfortunately, that's not a very good way to do it. Usernames are often easy to discover; sometimes they're just your email address. Since passwords can be hard to remember, people tend to pick simple ones, or use the same password at many different sites. That's why almost all online services - banks, social media, shopping and yes, Microsoft 365 too - have added a way for your accounts to be more secure. You may hear it called "Two-Step Verification" or "Multifactor Authentication" but the good ones all operate off the same principle. When you sign into the account for the first time on a new device or application (like a web browser) you need more than just the username and password. You need a second thing - what we call a second "factor" - to prove who you are. A factor in authentication is a way of confirming your identity when you try to sign in. For example, a password is one kind of factor, it's a thing you know. The three most common kinds of factors are: Something you know - Like a one time password, or a PIN. Something you have - Like a smartphone, or a hardware token. Something you are - Like a fingerprint, or facial recognition. How does multifactor authentication work? Let's say you're going to sign into your work or school account, and you enter your username and password. If that's all you need then anybody who knows your username and password can sign in as you from anywhere in the world! But if you have multifactor authentication enabled, things get more interesting. The first time you sign in on a device or app you enter your username and password as usual, then you get prompted to enter your second factor to verify your identity. Perhaps you're using the free Microsoft Authenticator app as your second factor. You open the app on your smartphone, it shows you a unique, dynamically created 6-digit number that you type into the site and you're in. If somebody else tries to sign in as you, however, they'll enter your username and password, and when they get prompted for that second factor they're stuck! Unless they have YOUR smartphone, they have no way of getting that 6-digit number to enter. And the 6-digit number in Microsoft Authenticator changes every 30 seconds, so even if they knew the number you used to sign in yesterday, they're still locked out. It is also very important that you deny any verification requests that you did not initiate. If you are receiving notifications via sms, phone or the app that you believe to be fraudulent, please make a report. Don't get locked out of your account! Multi-factor authentication is dependent on having your second factor available to you where you are and at all times. We highly recommend configuring a back up verification method (i.e an external e-mail) in the scenario that you forget your device at home, you lose it or change numbers. If you are stuck and this is not an option, we still have you covered. Please give our support desk a call for further assistance on resetting your verification methods. FAQ's Who is impacted by MFA? Students, Faculty, Retired Faculty and Staff will be required to MFA by 7/31/2022 What applications or systems are protected by MFA? For Faculty and Staff: Microsoft O365 For Students: Gmail What are my MFA options? You will be able to choose a primary and secondary authentication method when you register. ITS recommends using the Microsoft Authenticator App. Secondary authentication methods can include text message verification and phone call verification. How can I change my MFA options? You will be able change your MFA options at the start of the MFA program and Curry ITS will provide you with a link. A resources tab will be available where you can find instructions on how to set up each individual option. What if I forget my mobile device at home? It may happen that you forget your mobile device at home. You can always use a backup MFA method registered to your account. If that does not resolve your problem, you can contact the Service Desk at Support@curry.edu or call 617-333-2911. What if I am experiencing other issues with MFA? For all issues regarding MFA, you can contact the Service Desk at Support@curry.edu or call 617-333-2911. Why am I getting a verification prompt when updating my methods? When you start using and managing your verification methods, Microsoft will begin to use the same verification methods to verify your identity when you try to access the "MySecurity" page. This Multi-factor requirement is applied by default from Microsoft and only towards your security settings page. How often will I be prompted for MFA? Browser sessions: Per each new session. You can have multiple tabs opened, but you only need to satisfy MFA once under the same browser session. Going to a new computer or different browser will prompt you again. Applications: Outlook, Teams, OneDrive and other office applications may prompt you within 30 days from your last successful verification. This only applies to installed computer apps and not browser apps. What if I do not have a mobile device? MFA supports external e-mails for verification which may be accessed via a web browser. If applicable, setting up a call to your office number is an ideal back up as well. We recommend always having two methods configured. Resources Quick MFA Method Overview How to Setup Microsoft Authenticator MFA Supported Authentication Methods and Configuration